[Secure-testing-commits] r50577 - data/CVE

Moritz Muehlenhoff jmm at moszumanska.debian.org
Tue Apr 11 19:23:15 UTC 2017


Author: jmm
Date: 2017-04-11 19:23:15 +0000 (Tue, 11 Apr 2017)
New Revision: 50577

Modified:
   data/CVE/list
Log:
NFUs


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-04-11 18:31:45 UTC (rev 50576)
+++ data/CVE/list	2017-04-11 19:23:15 UTC (rev 50577)
@@ -39,13 +39,13 @@
 CVE-2017-7626
 	RESERVED
 CVE-2017-7625 (In Fiyo CMS 2.x through 2.0.7, attackers may upload a webshell via the ...)
-	TODO: check
+	NOT-FOR-US: Fiyo CMS
 CVE-2017-7624 (The iw_read_bmp_file function in imagew-bmp.c in libimageworsener.a in ...)
-	TODO: check
+	NOT-FOR-US: ImageWorsener
 CVE-2017-7623 (The iwmiffr_convert_row32 function in imagew-miff.c in ...)
-	TODO: check
+	NOT-FOR-US: ImageWorsener
 CVE-2017-7622 (dde-daemon, the daemon process of DDE (Deepin Desktop Environment) 15.0 ...)
-	TODO: check
+	NOT-FOR-US: dde-daemon
 CVE-2017-7621
 	RESERVED
 CVE-2017-7620
@@ -57,9 +57,9 @@
 	- linux <unfixed>
 	NOTE: Fixed by: https://git.kernel.org/linus/cf01fb9985e8deb25ccf0ea54d916b8871ae0e62 (4.11-rc6)
 CVE-2016-10323 (Synology Photo Station before 6.3-2958 allows local users to gain ...)
-	TODO: check
+	NOT-FOR-US: Synology Photo Station
 CVE-2016-10322 (Synology Photo Station before 6.3-2958 allows remote authenticated ...)
-	TODO: check
+	NOT-FOR-US: Synology Photo Station
 CVE-2017-7615
 	RESERVED
 CVE-2017-7614 (elflink.c in the Binary File Descriptor (BFD) library (aka libbfd), as ...)
@@ -783,11 +783,11 @@
 	- linux <unfixed>
 	[wheezy] - linux <not-affected> (Vulnerable code introduced in 3.14)
 CVE-2017-7345 (NetApp OnCommand Performance Manager and OnCommand Unified Manager for ...)
-	TODO: check
+	NOT-FOR-US: NetApp
 CVE-2016-10311 (Stack-based buffer overflow in SAP NetWeaver 7.0 through 7.5 allows ...)
-	TODO: check
+	NOT-FOR-US: SAP 
 CVE-2016-10310 (Buffer overflow in the MobiLink Synchronization Server component in ...)
-	TODO: check
+	NOT-FOR-US: MobiLink Synchronization Server
 CVE-2017-7344
 	RESERVED
 CVE-2017-7343
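Review bot: The added line for CVE-2016-10311 has trailing whitespace after "SAP" (`NOT-FOR-US: SAP `), while the tag added for CVE-2016-10304 later in this patch is `NOT-FOR-US: SAP` without it. Drop the trailing space so the two tags are byte-identical and match the same grep or grouping. The tags in this hunk also mix vendor names (NetApp, SAP) with a component name (MobiLink Synchronization Server); choosing one level of naming would keep related entries together.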
@@ -908,7 +908,7 @@
 CVE-2016-10305 (Trango Apex <= 2.1.1, ApexLynx < 2.0, ApexOrion < 2.0, ApexPlus <= ...)
 	NOT-FOR-US: Trango
 CVE-2016-10304 (The SAP EP-RUNTIME component in SAP NetWeaver AS JAVA 7.5 allows ...)
-	TODO: check
+	NOT-FOR-US: SAP
 CVE-2017-7308 (The packet_set_ring function in net/packet/af_packet.c in the Linux ...)
 	- linux 4.9.18-1
 	NOTE: Fixed by: https://git.kernel.org/linus/2b6867c2ce76c596676bec7d2d525af525fdc6e2
@@ -1478,7 +1478,7 @@
 	NOTE: Fixed by: https://git.kernel.org/linus/bf33f87dd04c371ea33feb821b60d63d754e3124 (4.11-rc5)
 	NOTE: Introduced by: https://git.kernel.org/linus/65c26a0f39695ba01d9693754f27ca76cc8a3ab5 (3.17-rc1)
 CVE-2017-7185 (Use-after-free vulnerability in the ...)
-	TODO: check
+	NOT-FOR-US: Mongoose
 CVE-2017-7183 (The TFTP server in ExtraPuTTY 0.30 and earlier allows remote attackers ...)
 	NOT-FOR-US: ExtraPuTTY
 CVE-2017-7182
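Review bot: For CVE-2017-7185 the description shown in the list is cut off before it names the affected product ("Use-after-free vulnerability in the ..."), so the tag "Mongoose" is the only identification this entry carries, and that name is used by more than one project. Qualifying the tag with the vendor or the kind of software would let a later reader confirm the NOT-FOR-US decision from the list alone.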
@@ -4143,7 +4143,7 @@
 CVE-2017-6191 (Buffer overflow in APNGDis 2.8 and below allows a remote attacker to ...)
 	NOT-FOR-US: APNGDis
 CVE-2017-6190 (Directory traversal vulnerability in the web interface on the D-Link ...)
-	TODO: check
+	NOT-FOR-US: D-Link
 CVE-2017-6189 (Untrusted search path vulnerability in Amazon Kindle for PC before ...)
 	NOT-FOR-US: Amazon Kindle
 CVE-2017-6187 (Buffer overflow in the built-in web server in DiskSavvy Enterprise ...)
@@ -4612,7 +4612,7 @@
 CVE-2017-5989
 	RESERVED
 CVE-2017-5988 (NetApp Clustered Data ONTAP 8.1 through 9.1P1, when NFS or SMB is ...)
-	TODO: check
+	NOT-FOR-US: NetApp
 CVE-2017-5987 (The sdhci_sdma_transfer_multi_blocks function in hw/sd/sdhci.c in QEMU ...)
 	- qemu 1:2.8+dfsg-3 (bug #855159)
 	[jessie] - qemu <no-dsa> (Minor issue)
@@ -4636,7 +4636,7 @@
 CVE-2017-5984
 	RESERVED
 CVE-2017-5983 (The JIRA Workflow Designer Plugin in Atlassian JIRA Server before ...)
-	TODO: check
+	NOT-FOR-US: JIRA Workflow Designer Plugin
 CVE-2017-5982 (Directory traversal vulnerability in the Chorus2 2.4.2 add-on for Kodi ...)
 	- kodi <unfixed> (bug #855225)
 	- xbmc <undetermined>
@@ -5809,7 +5809,7 @@
 CVE-2017-5609 (SQL injection vulnerability in include/functions_entries.inc.php in ...)
 	- serendipity <removed>
 CVE-2017-5607 (Splunk Enterprise 5.0.x before 5.0.18, 6.0.x before 6.0.14, 6.1.x ...)
-	TODO: check
+	NOT-FOR-US: Splunk
 CVE-2017-5606 (An incorrect implementation of "XEP-0280: Message Carbons" in multiple ...)
 	NOT-FOR-US: Xabber
 CVE-2017-5605 (An incorrect implementation of "XEP-0280: Message Carbons" in multiple ...)
@@ -29375,7 +29375,7 @@
 	- phpmyadmin 4:4.6.4+dfsg1-1
 	NOTE: https://www.phpmyadmin.net/security/PMASA-2016-29/
 CVE-2016-6605 (Impala in CDH 5.2.0 through 5.7.2 and 5.8.0 allows remote attackers to ...)
-	TODO: check
+	NOT-FOR-US: Impala
 CVE-2016-6604 (NULL pointer dereference in Samsung Exynos fimg2d driver for Android ...)
 	NOT-FOR-US: Samsung
 CVE-2016-7513 [off-by-one error leading to segfault]
@@ -29773,7 +29773,7 @@
 CVE-2016-6535 (AVer Information EH6108H+ devices with firmware X9.03.24.00.07l have ...)
 	NOT-FOR-US: AVer
 CVE-2016-6534 (Opmantek NMIS before 4.3.7c has command injection via man, finger, ...)
-	TODO: check
+	NOT-FOR-US: Opmantek NMIS
 CVE-2016-6533
 	RESERVED
 CVE-2016-6532 (DEXIS Imaging Suite 10 has a hardcoded password for the sa account, ...)
@@ -32663,7 +32663,7 @@
 CVE-2016-5683 (ReadyDesk 9.1 allows local users to determine cleartext SQL Server ...)
 	NOT-FOR-US: ReadyDesk
 CVE-2016-5682 (Swagger-UI before 2.2.1 has XSS via the Default field in the ...)
-	TODO: check
+	NOT-FOR-US: Swagger-UI
 CVE-2016-5681 (Stack-based buffer overflow in dws/api/Login on D-Link DIR-850L B1 ...)
 	NOT-FOR-US: D-Link
 CVE-2016-5680 (Stack-based buffer overflow in cgi-bin/cgi_main in NUUO NVRmini 2 ...)
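Review bot: CVE-2016-5682 is an XSS in Swagger-UI before 2.2.1, a web front-end component of the kind that other projects ship as bundled copies, and NOT-FOR-US only records that Swagger-UI itself is not packaged. If packaged software was checked for embedded copies, a NOTE line under this entry would make that visible; if it was not, that check belongs before the TODO is closed.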
@@ -32749,7 +32749,7 @@
 CVE-2016-5643
 	RESERVED
 CVE-2016-5642 (Opmantek NMIS before 8.5.12G has XSS via SNMP. ...)
-	TODO: check
+	NOT-FOR-US: Opmantek NMIS
 CVE-2016-5641
 	RESERVED
 CVE-2016-5640 (Directory traversal vulnerability in cgi-bin/rftest.cgi on Crestron ...)



